top of page
< Back

3.6.5 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 3: Protect stored cardholder data


Retirement or replacement (for example, archiving, destruction, and/or revocation) of keys as deemed necessary when the integrity of the key has been weakened (for example, departure of an employee with knowledge of a clear-text key component), or keys are suspected of being compromised.

Note: If retired or replaced cryptographic keys need to be retained, these keys must be securely archived (for example, by using a key-encryption key). Archived cryptographic keys should only be used for decryption/verification purposes.

bottom of page